553 research outputs found

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA.

    A Security-aware Approach to JXTA-Overlay Primitives

    The JXTA-Overlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay's idiosyncrasies, providing an acceptable solution to some of its current shortcomings.

    A Security Framework for JXTA-Overlay

    At the present time, the maturity of the P2P research field has pushed through new problems such as those related to security. For that reason, security starts to become one of the key issues when evaluating a P2P system and it is important to provide security mechanisms to P2P systems. The JXTAOverlay project is an effort to use JXTA technology to provide a generic set of functionalities that can be used by developers to deploy P2P applications. However, since its design focused on issues such as scalability or overall performance, it did not take security into account. This work proposes a security framework specifically suited to JXTAOverlay's idiosyncrasies.

    Flexible and Scalable Public Key Security for SSH

    A standard tool for secure remote access, the SSH protocol uses public-key cryptography to establish an encrypted and integrity-protected channel with a remote server. However, widely-deployed implementations of the protocol are vulnerable to man-in-the-middle attacks, where an adversary substitutes her public key for the server's. This danger particularly threatens a traveling user Bob borrowing a client machine. Imposing a traditional X.509 PKI on all SSH servers and clients is neither flexible nor scalable nor (in the foreseeable future) practical. Requiring extensive work or an SSL server at Bob's site is also not practical for many users. This paper presents our experiences designing and implementing an alternative scheme that solves the public-key security problem in SSH without requiring such an a priori universal trust structure or extensive sysadmin work, although it does require a modified SSH client. (The code is available for public download.)

    Federated identity architecture of the european eID system

    Federated identity management is a method that facilitates management of identity processes and policies among the collaborating entities without a centralized control. Nowadays, there are many federated identity solutions; however, most of them cover different aspects of the identification problem, solving in some cases specific problems. Thus, none of these initiatives has consolidated as a unique solution and surely it will remain like that in the near future. To assist users choosing a possible solution, we analyze different federated identity approaches, showing main features, and making a comparative study among them. The former problem is even worse when multiple organizations or countries already have legacy eID systems, as is the case in Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could be extended in midterm also to eID companies. The system is now being deployed at the EU level and we present the basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constraints in mind. The results show a good performance of the solution in local, organizational, and remote environments.

    Important Lessons Derived from X.500 Case Studies

    X.500 is a new and complex electronic directory technology, whose basic specification was first published as an international standard in 1988, with an enhanced revision in 1993. The technology is still unproven in many organisations. This paper presents case studies of 15 pioneering pilot and operational X.500 based directory services. The paper provides valuable insights into how organisations are coming to understand this new technology, are using X.500 for both traditional and novel directory based services, and consequently are deriving benefits from it. Important lessons that have been learnt by these X.500 pioneers are presented here, so that future organisations can benefit from their experiences. Factors critical to the success of implementing X.500 in an organisation are derived from the studies

    UXP Portal 2.0 Functional Requirements Specification

    Cybernetica has developed the Unified eXchange Platform (UXP), an interoperability platform designed to serve as a secure and reliable data exchange infrastructure. UXP Portal is a component that serves as a universal client application for accessing services over UXP infrastructure. Experience with the initial version of UXP Portal led to the development of version 2.0. This Thesis describes the process and the outputs of business process modeling and functional requirements specification for the development of UXP Portal 2.0. The development process is based on the Rational Unified Process (RUP). The models were created using Unified Modeling Language (UML) notation. Use-Case Models were developed for both the business and system level domains. The Use-Case Models will serve as an input for the implementation tasks. The requirements specification process was complicated by the fact that UXP Portal is developed as a product that has no direct customer to elicit requirements from. However, the requirements specification described in this Thesis proved to be sufficient for designing a user interface prototype in cooperation with an external interaction designer.

    Mobile identification as a service

    Integrated master's dissertation in Informatics Engineering. The benefits of using mobile identification applications as substitutes for physical documents are obvious, whether these are university student cards, company employee identification cards, the citizen card or driving license. However, as these applications grow in popularity and complexity, new requirements and needs arise that need to be addressed without disturbing the normal behavior of the application. Often the data needed to provide an authentication service is spread across multiple servers, which need to be integrated. This becomes more complicated and complex when an application provides more than one form of authentication (a driving license and a student card require data provided by different services). In this dissertation we are going to look for solutions that allow us to develop an architecture that is prepared to integrate new services at runtime and allows the management of the system, maintaining its dynamism and independence from third parties, regardless of the technology and form of communication used by them. So, this dissertation presents the state of the art regarding the integration of multiple service providers and the design and implementation of a proposed solution, using the WSO2 products to do so. This process is performed in the context of the mobile ID, which is an implementation of a mobile driving license based on ISO/IEC 18013-5:2021.
